The Zscaler ThreatLabz 2024 report provides a comprehensive analysis of security risks that have emerged between June 2023 and May 2024. This period has seen major vulnerabilities across three major areas: mobile applications, Internet of Things (IoT) devices, and Operational Technology (OT) systems.

Mobile applications continue to be exposed to increasing malware threats, while IoT and OT systems face rising cyberattacks, driven by both the rapid expansion of device connectivity and the growing reliance on outdated, vulnerable infrastructure.

The convergence of IT and OT networks has further widened the attack surface, introducing new points of entry for bad actors. For developers, the report stresses the importance of designing security protocols from the outset to mitigate these threats effectively.

200+ infected apps found on Google Play—Developers must take security seriously

Zscaler’s findings are worrying—over 200 malicious applications were found on the Google Play Store, collectively surpassing 8 million downloads. This proliferation is a major red flag for developers—highlighting weaknesses in both the development and app store review processes—with consequences that can include data breaches, financial loss, and reputational damage.

The fact that so many infected apps can slip through standard review procedures points to a pressing need for more rigorous vetting processes.

Developers should adopt stronger encryption, secure coding practices, and more thorough vulnerability testing before release. At the same time, app stores like Google Play must improve their malware detection mechanisms to prevent harmful applications from reaching users. As the volume of mobile downloads continues to climb, so does the urgency to address these gaps.

Mobile malware is exploding in the tech, education, and manufacturing sectors

Mobile malware threats are not evenly distributed across industries. According to the report, technology and education sectors top the list, each accounting for 18% of mobile malware attacks. These sectors are high-value targets due to their vast user bases and sensitive data storage.

The manufacturing sector, responsible for 14% of mobile malware attacks, is similarly vulnerable as it adopts more smart manufacturing techniques reliant on mobile applications.

Each of these sectors faces unique risks, from intellectual property theft in tech firms to sensitive student data exposure in education. Developers in these industries must embed robust security protocols such as multi-factor authentication (MFA) and encrypted communication channels to protect mobile apps from persistent threats.

IoT developers need stronger defenses against emerging threats and risks

The threats against IoT have escalated sharply, with a 45% increase in IoT malware blocks observed by Zscaler’s cloud platform over the past year. This surge is attributed to the rising number of connected devices, each potentially serving as an entry point for cybercriminals.

Insecure IoT devices can compromise entire networks, making them a critical vulnerability that developers must address.

Developers need to prioritize device authentication, secure firmware updates, and network segmentation to limit exposure.

Given the complexity of IoT ecosystems, solutions like AI-powered security tools that automatically detect and mitigate threats in real-time can prove essential for keeping these devices secure.

Why 36% of IoT malware targets the manufacturing Industry

For the second year running, the manufacturing sector remains the top target for IoT malware, accounting for 36% of all attacks on Zscaler’s platform. The sector’s extensive reliance on IoT applications—from smart factories to supply chain automation—creates multiple vulnerabilities.

Manufacturing is an attractive target for threat actors looking to disrupt operations or hold critical systems for ransom.

Given the potential consequences of these attacks—ranging from production halts to large-scale operational shutdowns—developers working with industrial IoT solutions must embed real-time monitoring, anomaly detection, and automatic threat response mechanisms into their systems.

Layered defenses help reduce the risk of intrusion and safeguard critical infrastructure.

How old assets and legacy systems are opening IoT and OT to attack

One of the most urgent risks highlighted in the report is the exploitation of legacy exposed assets. Older systems, often overlooked during upgrades or expansions, provide an easy gateway for cybercriminals into both IoT and OT environments.

Gaining access through legacy systems, attackers can infiltrate networks and move laterally, compromising both digital and operational systems. The consequences are often severe—data breaches and ransomware attacks remain the most common results.

AI-powered zero-trust solutions, as recommended by Zscaler’s Chief Security Officer Deepen Desai, offer a more advanced approach to security by preventing unauthorized access across the board. These systems limit access based on user authentication, device health, and network location, reducing the likelihood of a successful breach.

OT systems at risk as enterprise integration expands attack surfaces

The integration of Operational Technology (OT) systems with broader enterprise networks has expanded the overall attack surface, leaving organizations vulnerable to cyber threats.

Historically, OT systems operated in isolated environments, minimizing the risk of external breaches. Today, as companies integrate these systems with IT networks for greater efficiency, they expose OT assets to the same threats that target traditional corporate networks.

Interconnectedness increases the risk of lateral movement within a network once an attacker gains access.

For developers, the key to addressing this expanded risk lies in network segmentation, firewalls, and constant monitoring. Adding to this, OT developers should also apply multi-layered defenses and access controls to prevent unauthorized access and potential disruption of critical systems.

Fintech and banking sector malware trends

29% increase in banking malware attacks

The fintech sector has been hit hard, with banking malware attacks rising by 29% year-on-year.

One particularly aggressive threat, Anatsa, targets over 650 financial institutions globally. This Android banking malware has been particularly prevalent in countries like Germany, Spain, Finland, South Korea, and Singapore.

The growing sophistication of these attacks has prompted fintech developers to sharpen their defenses against increasingly complex malware designed to steal financial credentials and personal data.

111% increase in spyware incidents

Spyware attacks have surged by an alarming 111%, pointing out a notable shift in tactics. Spyware infiltrates devices undetected, letting attackers steal sensitive information over extended periods.

For developers in the financial sector, this rise in spyware highlights the need for improved encryption, end-to-end security, and user education about the risks posed by unauthorized access.

Security must be built from day one

Whether it’s for mobile apps, IoT devices, or OT systems, security must be integrated into every stage of development. Zscaler’s report clearly shows that cyber threats continue to evolve, and developers can no longer afford to treat security as an afterthought.

Security frameworks, threat detection tools, and continuous monitoring should be embedded into product design from the initial planning stages to prevent breaches, data theft, and operational disruptions across industries.

Tim Boesen

October 25, 2024

5 Min